$149,600–$187,000 Per Year
Alliance/Partner Management, Analysis Skills, Artificial Intelligence (AI), Attorney, Biometrics, Certified Public Accountant (CPA), Communication Skills, Computer Security, Contract Review, Ecosystems, Emerging Technology, English Language, FDA (Food and Drug Administration), Federal Laws and Regulations, Geolocation, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Incident Response, Information/Data Security (InfoSec), International Business, International Operations, Internet Privacy, Internet Security, Internet of Things, Interpret Regulations, Legal, Legal Documents, Litigation, Localization, Manufacturing, Negotiation Skills, Operational Support, Presentation/Verbal Skills, Privacy Controls, Privacy Regulations, Problem Solving Skills, Project/Program Management, Regulations, Regulatory Requirements, Risk, State Laws and Regulations, Testing, Training Program, U.S. National Institute of Standards and Technology (NIST), Writing Skills
Be a part of a revolutionary change! At Philip Morris International (PMI), we've chosen to do something incredible. We're totally transforming our business and building our future on one clear purpose - to deliver a smoke-free future. With huge change, comes huge opportunity. So, if you join us, you'll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. Our success depends on people who are committed to our purpose and have an appetite for progress. Our beautiful HQ in Stamford, CT is just steps away from the Stamford Metro-North Train Station and easily accessible from NYC.
About the role:
The Counsel, Cyber Security and U.S. Privacy Manager serves as a key legal advisor within PMI's Global Data Privacy & Cyber Legal function, acting as both a cybersecurity legal specialist and a U.S. privacy subject‑matter expert. In this capacity, the role provides day‑to‑day global and U.S.‑focused legal guidance on cybersecurity, digital regulatory requirements (including artificial intelligence), security incident response, IT/OT security, and broader data protection matters. The position also contributes to global cyber and digital regulatory strategy in close partnership with the Global Senior Counsel - Data Privacy & Cyber.
In addition, this role leads U.S. privacy counseling and compliance support across PMI's operations, offering legal interpretation and application of federal and state privacy laws (such as CCPA/CPRA, CPA, VCDPA, CTDPA, HIPAA), and navigating their intersections with GDPR and other global regulations. The Counsel manages core U.S. privacy activities including consumer transparency requirements, DPIAs, vendor contract reviews for privacy, AI, and information‑security clauses, and data subject rights support. By strengthening PMI's "follow‑the‑sun" global legal model, this role enhances the company's ability to manage evolving U.S. privacy and cybersecurity regulatory complexity while ensuring alignment with PMI's enterprise‑wide digital, data protection, and cybersecurity objectives.
Your day-to-day
- Provide legal guidance on cybersecurity, digital regulatory matters, IT/OT security, and incident response across PMI's global operations, with emphasis on U.S. requirements.
- Support the SOC, Cyber Defense, and Incident Response teams during potential security events, including triage, investigation, remediation, notifications, and documentation.
- Contribute to PMI's cybersecurity governance frameworks, including policies, playbooks, standards, processes, tabletop exercises, and cross‑market alignment.
- Draft and negotiate cybersecurity, data protection, and technology‑related contractual provisions such as DPAs, security addenda, AI clauses, and vendor due‑diligence terms.
- Monitor U.S. and global developments in cybersecurity, AI, digital regulation, and emerging technologies, translating legal requirements into actionable guidance for business and technical teams.
- Develop and maintain cyber and privacy policies, standards, controls, notices, training materials, and program improvements.
- Identify and advise on legal and compliance risks arising from audits, assessments, testing, and new digital or data initiatives.
- Serve as a key U.S. privacy legal contact, advising on federal and state privacy laws (including CCPA/CPRA, CTDPA, CPA, VCDPA, HIPAA) and their operational impact.
- Support U.S. privacy compliance activities including DPIAs/PIAs, consumer transparency, data subject requests, retention, notices, and governance for new technologies (AI, ML, IoT, biometrics, geolocation).
- Align U.S. privacy and cybersecurity practices with PMI's global frameworks by partnering closely with global legal, digital, commercial, IT, and market teams.
- Build strong relationships with cross‑functional stakeholders, serving as a trusted advisor who provides practical, risk‑based guidance.
- Communicate complex technical and legal concepts clearly to executives, business leaders, engineers, and security teams.
- Manage competing priorities with sound judgment, independence, and urgency, particularly during fast‑moving cybersecurity incidents.
- Drive effective execution of legal and compliance initiatives through strong planning, problem‑solving, project management, and analytical capabilities.
- Contribute to global cyber, privacy, and AI governance initiatives and help localize them for U.S. needs.
- Demonstrate high integrity, accountability, and collaboration while influencing stakeholders and supporting a culture of strong cyber and privacy governance.
What we're looking for:
- A licensed U.S. attorney with at least five years of experience advising on cybersecurity and privacy matters in-house or in private practice.
- Strong knowledge of U.S. privacy laws, state breach‑notification rules, and cybersecurity frameworks such as NIST and ISO 27001.
- Familiarity with global privacy, cybersecurity, and emerging digital regulations.
- Ability to thrive in a fast‑paced environment, manage competing priorities, and remain steady and effective during crisis situations.
- Excellent written and verbal communication skills with the ability to draft high‑quality legal documents in English.
- Proven strategic thinking, sound judgment, and the ability to translate complex technical concepts into clear, actionable legal guidance.
- Hands‑on experience advising during cybersecurity incidents and willingness to respond rapidly, including outside regular business hours.
- Demonstrated success negotiating cybersecurity, privacy, and AI‑related contractual terms and contributing to governance frameworks.
Preferred qualifications
- 6+ years of combined law firm and in‑house experience focused on cybersecurity, privacy, digital regulation, or information security.
- Experience advising multinational companies and interacting with regulatory authorities.
- Litigation experience and exposure to OT security, manufacturing environments, or consumer‑facing digital ecosystems.
- Experience supporting digital transformation, AI governance, and enterprise technology initiatives.
- Technical fluency in cybersecurity, IT, or digital systems, with comfort navigating multijurisdictional regulatory landscapes.
Annual Base Salary Range: $149,600 - $187,000
What we offer
We offer a competitive base salary, annual bonus (applicable based on level of position), great medical, dental and vision coverage, 401k with a generous company match, incredible wellness benefits, commuter benefits, pet insurance, generous PTO, and much more! We have implemented Smart Work, a hybrid model of working that promotes flexibility in the workplace.
Seize the freedom to define your future and ours. We'll empower you to take risks, experiment and explore. Be part of an inclusive, diverse culture where everyone's contribution is respected. Collaborate with some of the world's best people and feel like you belong. Pursue your ambitions and develop your skills with a global business - our staggering size and scale provide endless opportunities to progress. Take pride in delivering our promise to society: To improve the lives of millions of smokers.
PMI is an Equal Opportunity Employer. PMI is headquartered in Stamford, Conn., and its U.S. affiliates have more than 3,000 employees. PMI has been an entirely separate company from Altria and Philip Morris USA since 2008. PMI's affiliates first entered the U.S. market following the company's acquisition of Swedish Match in late 2022. Philip Morris International and its U.S. affiliates are working to deliver a smoke-free future. Since 2008, PMI has invested $12.5 billion globally to develop, scientifically substantiate and commercialize innovative smoke-free products for adults who would otherwise continue to smoke with the goal of transitioning legal-age consumers who smoke to better alternatives. In 2022, PMI acquired Swedish Match - a leader in oral nicotine delivery - creating a global smoke-free champion led by the IQOS and ZYN brands. The U.S. Food and Drug Administration has authorized versions of PMI's IQOS electronically heated tobacco devices and Swedish Match's General snus as Modified Risk Tobacco Products and renewal applications for these products are presently pending before the FDA.
For more information, please visit www.pmi.com/us and www.pmiscience.com.